squeakroad
squeakroad copied to clipboard
yzernik
RUSTSEC-2022-0090: `libsqlite3-sys` via C SQLite CVE-2022-35737
libsqlite3-sysvia C SQLite CVE-2022-35737
| Details | |
|---|---|
| Package | libsqlite3-sys |
| Version | 0.24.2 |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2022-35737 |
| Date | 2022-08-03 |
| Patched versions | >=0.25.1 |
It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large string were input into SQLite's printf function.
As libsqlite3-sys bundles SQLite, it is susceptible to the vulnerability. libsqlite3-sys was updated to bundle the patched version of SQLite here.
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}